2 * cfg80211 scan result handling
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
6 #include <linux/kernel.h>
7 #include <linux/slab.h>
8 #include <linux/module.h>
9 #include <linux/netdevice.h>
10 #include <linux/wireless.h>
11 #include <linux/nl80211.h>
12 #include <linux/etherdevice.h>
14 #include <net/cfg80211.h>
15 #include <net/cfg80211-wext.h>
16 #include <net/iw_handler.h>
19 #include "wext-compat.h"
22 #define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ)
24 static void bss_release(struct kref *ref)
26 struct cfg80211_internal_bss *bss;
28 bss = container_of(ref, struct cfg80211_internal_bss, ref);
29 if (bss->pub.free_priv)
30 bss->pub.free_priv(&bss->pub);
32 if (bss->beacon_ies_allocated)
33 kfree(bss->pub.beacon_ies);
34 if (bss->proberesp_ies_allocated)
35 kfree(bss->pub.proberesp_ies);
37 BUG_ON(atomic_read(&bss->hold));
42 /* must hold dev->bss_lock! */
43 static void __cfg80211_unlink_bss(struct cfg80211_registered_device *dev,
44 struct cfg80211_internal_bss *bss)
46 list_del_init(&bss->list);
47 rb_erase(&bss->rbn, &dev->bss_tree);
48 kref_put(&bss->ref, bss_release);
51 /* must hold dev->bss_lock! */
52 static void __cfg80211_bss_expire(struct cfg80211_registered_device *dev,
53 unsigned long expire_time)
55 struct cfg80211_internal_bss *bss, *tmp;
58 list_for_each_entry_safe(bss, tmp, &dev->bss_list, list) {
59 if (atomic_read(&bss->hold))
61 if (!time_after(expire_time, bss->ts))
64 __cfg80211_unlink_bss(dev, bss);
69 dev->bss_generation++;
72 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
74 struct cfg80211_scan_request *request;
75 struct wireless_dev *wdev;
76 #ifdef CONFIG_CFG80211_WEXT
77 union iwreq_data wrqu;
80 ASSERT_RDEV_LOCK(rdev);
82 request = rdev->scan_req;
90 * This must be before sending the other events!
91 * Otherwise, wpa_supplicant gets completely confused with
95 cfg80211_sme_scan_done(wdev->netdev);
97 if (request->aborted) {
98 nl80211_send_scan_aborted(rdev, wdev);
100 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
101 /* flush entries from previous scans */
102 spin_lock_bh(&rdev->bss_lock);
103 __cfg80211_bss_expire(rdev, request->scan_start);
104 spin_unlock_bh(&rdev->bss_lock);
106 nl80211_send_scan_done(rdev, wdev);
109 #ifdef CONFIG_CFG80211_WEXT
110 if (wdev->netdev && !request->aborted) {
111 memset(&wrqu, 0, sizeof(wrqu));
113 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
118 dev_put(wdev->netdev);
120 rdev->scan_req = NULL;
123 * OK. If this is invoked with "leak" then we can't
124 * free this ... but we've cleaned it up anyway. The
125 * driver failed to call the scan_done callback, so
126 * all bets are off, it might still be trying to use
127 * the scan request or not ... if it accesses the dev
128 * in there (it shouldn't anyway) then it may crash.
134 void __cfg80211_scan_done(struct work_struct *wk)
136 struct cfg80211_registered_device *rdev;
138 rdev = container_of(wk, struct cfg80211_registered_device,
141 cfg80211_lock_rdev(rdev);
142 ___cfg80211_scan_done(rdev, false);
143 cfg80211_unlock_rdev(rdev);
146 void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
148 trace_cfg80211_scan_done(request, aborted);
149 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
151 request->aborted = aborted;
152 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk);
154 EXPORT_SYMBOL(cfg80211_scan_done);
156 void __cfg80211_sched_scan_results(struct work_struct *wk)
158 struct cfg80211_registered_device *rdev;
159 struct cfg80211_sched_scan_request *request;
161 rdev = container_of(wk, struct cfg80211_registered_device,
162 sched_scan_results_wk);
164 request = rdev->sched_scan_req;
166 mutex_lock(&rdev->sched_scan_mtx);
168 /* we don't have sched_scan_req anymore if the scan is stopping */
170 if (request->flags & NL80211_SCAN_FLAG_FLUSH) {
171 /* flush entries from previous scans */
172 spin_lock_bh(&rdev->bss_lock);
173 __cfg80211_bss_expire(rdev, request->scan_start);
174 spin_unlock_bh(&rdev->bss_lock);
175 request->scan_start =
176 jiffies + msecs_to_jiffies(request->interval);
178 nl80211_send_sched_scan_results(rdev, request->dev);
181 mutex_unlock(&rdev->sched_scan_mtx);
184 void cfg80211_sched_scan_results(struct wiphy *wiphy)
186 trace_cfg80211_sched_scan_results(wiphy);
187 /* ignore if we're not scanning */
188 if (wiphy_to_dev(wiphy)->sched_scan_req)
189 queue_work(cfg80211_wq,
190 &wiphy_to_dev(wiphy)->sched_scan_results_wk);
192 EXPORT_SYMBOL(cfg80211_sched_scan_results);
194 void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
196 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
198 trace_cfg80211_sched_scan_stopped(wiphy);
200 mutex_lock(&rdev->sched_scan_mtx);
201 __cfg80211_stop_sched_scan(rdev, true);
202 mutex_unlock(&rdev->sched_scan_mtx);
204 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
206 int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
207 bool driver_initiated)
209 struct net_device *dev;
211 lockdep_assert_held(&rdev->sched_scan_mtx);
213 if (!rdev->sched_scan_req)
216 dev = rdev->sched_scan_req->dev;
218 if (!driver_initiated) {
219 int err = rdev_sched_scan_stop(rdev, dev);
224 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED);
226 kfree(rdev->sched_scan_req);
227 rdev->sched_scan_req = NULL;
232 /* must hold dev->bss_lock! */
233 void cfg80211_bss_age(struct cfg80211_registered_device *dev,
234 unsigned long age_secs)
236 struct cfg80211_internal_bss *bss;
237 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC);
239 list_for_each_entry(bss, &dev->bss_list, list) {
240 bss->ts -= age_jiffies;
244 void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
246 __cfg80211_bss_expire(dev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE);
249 const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len)
251 while (len > 2 && ies[0] != eid) {
257 if (len < 2 + ies[1])
261 EXPORT_SYMBOL(cfg80211_find_ie);
263 const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type,
264 const u8 *ies, int len)
266 struct ieee80211_vendor_ie *ie;
267 const u8 *pos = ies, *end = ies + len;
271 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos,
276 if (end - pos < sizeof(*ie))
279 ie = (struct ieee80211_vendor_ie *)pos;
280 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2];
281 if (ie_oui == oui && ie->oui_type == oui_type)
288 EXPORT_SYMBOL(cfg80211_find_vendor_ie);
290 static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
292 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1);
293 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2);
295 /* equal if both missing */
298 /* sort missing IE before (left of) present IE */
304 /* sort by length first, then by contents */
305 if (ie1[1] != ie2[1])
306 return ie2[1] - ie1[1];
307 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
310 static bool is_bss(struct cfg80211_bss *a,
312 const u8 *ssid, size_t ssid_len)
316 if (bssid && !ether_addr_equal(a->bssid, bssid))
322 ssidie = cfg80211_find_ie(WLAN_EID_SSID,
323 a->information_elements,
324 a->len_information_elements);
327 if (ssidie[1] != ssid_len)
329 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
332 static bool is_mesh_bss(struct cfg80211_bss *a)
336 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
339 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
340 a->information_elements,
341 a->len_information_elements);
345 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
346 a->information_elements,
347 a->len_information_elements);
354 static bool is_mesh(struct cfg80211_bss *a,
355 const u8 *meshid, size_t meshidlen,
360 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
363 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
364 a->information_elements,
365 a->len_information_elements);
368 if (ie[1] != meshidlen)
370 if (memcmp(ie + 2, meshid, meshidlen))
373 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
374 a->information_elements,
375 a->len_information_elements);
378 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
382 * Ignore mesh capability (last two bytes of the IE) when
383 * comparing since that may differ between stations taking
384 * part in the same mesh.
386 return memcmp(ie + 2, meshcfg,
387 sizeof(struct ieee80211_meshconf_ie) - 2) == 0;
390 static int cmp_bss_core(struct cfg80211_bss *a,
391 struct cfg80211_bss *b)
395 if (a->channel != b->channel)
396 return b->channel->center_freq - a->channel->center_freq;
398 if (is_mesh_bss(a) && is_mesh_bss(b)) {
399 r = cmp_ies(WLAN_EID_MESH_ID,
400 a->information_elements,
401 a->len_information_elements,
402 b->information_elements,
403 b->len_information_elements);
406 return cmp_ies(WLAN_EID_MESH_CONFIG,
407 a->information_elements,
408 a->len_information_elements,
409 b->information_elements,
410 b->len_information_elements);
414 * we can't use compare_ether_addr here since we need a < > operator.
415 * The binary return value of compare_ether_addr isn't enough
417 return memcmp(a->bssid, b->bssid, sizeof(a->bssid));
420 static int cmp_bss(struct cfg80211_bss *a,
421 struct cfg80211_bss *b)
425 r = cmp_bss_core(a, b);
429 return cmp_ies(WLAN_EID_SSID,
430 a->information_elements,
431 a->len_information_elements,
432 b->information_elements,
433 b->len_information_elements);
436 static int cmp_hidden_bss(struct cfg80211_bss *a,
437 struct cfg80211_bss *b)
444 r = cmp_bss_core(a, b);
448 ie1 = cfg80211_find_ie(WLAN_EID_SSID,
449 a->information_elements,
450 a->len_information_elements);
451 ie2 = cfg80211_find_ie(WLAN_EID_SSID,
452 b->information_elements,
453 b->len_information_elements);
455 /* Key comparator must use same algorithm in any rb-tree
456 * search function (order is important), otherwise ordering
457 * of items in the tree is broken and search gives incorrect
458 * results. This code uses same order as cmp_ies() does. */
460 /* sort missing IE before (left of) present IE */
466 /* zero-size SSID is used as an indication of the hidden bss */
470 /* sort by length first, then by contents */
471 if (ie1[1] != ie2[1])
472 return ie2[1] - ie1[1];
474 /* zeroed SSID ie is another indication of a hidden bss */
475 for (i = 0; i < ie2[1]; i++)
482 struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
483 struct ieee80211_channel *channel,
485 const u8 *ssid, size_t ssid_len,
486 u16 capa_mask, u16 capa_val)
488 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
489 struct cfg80211_internal_bss *bss, *res = NULL;
490 unsigned long now = jiffies;
492 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask,
495 spin_lock_bh(&dev->bss_lock);
497 list_for_each_entry(bss, &dev->bss_list, list) {
498 if ((bss->pub.capability & capa_mask) != capa_val)
500 if (channel && bss->pub.channel != channel)
502 /* Don't get expired BSS structs */
503 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
504 !atomic_read(&bss->hold))
506 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
513 spin_unlock_bh(&dev->bss_lock);
516 trace_cfg80211_return_bss(&res->pub);
519 EXPORT_SYMBOL(cfg80211_get_bss);
521 struct cfg80211_bss *cfg80211_get_mesh(struct wiphy *wiphy,
522 struct ieee80211_channel *channel,
523 const u8 *meshid, size_t meshidlen,
526 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
527 struct cfg80211_internal_bss *bss, *res = NULL;
529 spin_lock_bh(&dev->bss_lock);
531 list_for_each_entry(bss, &dev->bss_list, list) {
532 if (channel && bss->pub.channel != channel)
534 if (is_mesh(&bss->pub, meshid, meshidlen, meshcfg)) {
541 spin_unlock_bh(&dev->bss_lock);
546 EXPORT_SYMBOL(cfg80211_get_mesh);
549 static void rb_insert_bss(struct cfg80211_registered_device *dev,
550 struct cfg80211_internal_bss *bss)
552 struct rb_node **p = &dev->bss_tree.rb_node;
553 struct rb_node *parent = NULL;
554 struct cfg80211_internal_bss *tbss;
559 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn);
561 cmp = cmp_bss(&bss->pub, &tbss->pub);
564 /* will sort of leak this BSS */
574 rb_link_node(&bss->rbn, parent, p);
575 rb_insert_color(&bss->rbn, &dev->bss_tree);
578 static struct cfg80211_internal_bss *
579 rb_find_bss(struct cfg80211_registered_device *dev,
580 struct cfg80211_internal_bss *res)
582 struct rb_node *n = dev->bss_tree.rb_node;
583 struct cfg80211_internal_bss *bss;
587 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
588 r = cmp_bss(&res->pub, &bss->pub);
601 static struct cfg80211_internal_bss *
602 rb_find_hidden_bss(struct cfg80211_registered_device *dev,
603 struct cfg80211_internal_bss *res)
605 struct rb_node *n = dev->bss_tree.rb_node;
606 struct cfg80211_internal_bss *bss;
610 bss = rb_entry(n, struct cfg80211_internal_bss, rbn);
611 r = cmp_hidden_bss(&res->pub, &bss->pub);
625 copy_hidden_ies(struct cfg80211_internal_bss *res,
626 struct cfg80211_internal_bss *hidden)
628 if (unlikely(res->pub.beacon_ies))
630 if (WARN_ON(!hidden->pub.beacon_ies))
633 res->pub.beacon_ies = kmalloc(hidden->pub.len_beacon_ies, GFP_ATOMIC);
634 if (unlikely(!res->pub.beacon_ies))
637 res->beacon_ies_allocated = true;
638 res->pub.len_beacon_ies = hidden->pub.len_beacon_ies;
639 memcpy(res->pub.beacon_ies, hidden->pub.beacon_ies,
640 res->pub.len_beacon_ies);
643 static struct cfg80211_internal_bss *
644 cfg80211_bss_update(struct cfg80211_registered_device *dev,
645 struct cfg80211_internal_bss *res)
647 struct cfg80211_internal_bss *found = NULL;
650 * The reference to "res" is donated to this function.
653 if (WARN_ON(!res->pub.channel)) {
654 kref_put(&res->ref, bss_release);
660 spin_lock_bh(&dev->bss_lock);
662 found = rb_find_bss(dev, res);
665 found->pub.beacon_interval = res->pub.beacon_interval;
666 found->pub.tsf = res->pub.tsf;
667 found->pub.signal = res->pub.signal;
668 found->pub.capability = res->pub.capability;
672 if (res->pub.proberesp_ies) {
673 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
674 size_t ielen = res->pub.len_proberesp_ies;
676 if (found->pub.proberesp_ies &&
677 !found->proberesp_ies_allocated &&
678 ksize(found) >= used + ielen) {
679 memcpy(found->pub.proberesp_ies,
680 res->pub.proberesp_ies, ielen);
681 found->pub.len_proberesp_ies = ielen;
683 u8 *ies = found->pub.proberesp_ies;
685 if (found->proberesp_ies_allocated)
686 ies = krealloc(ies, ielen, GFP_ATOMIC);
688 ies = kmalloc(ielen, GFP_ATOMIC);
691 memcpy(ies, res->pub.proberesp_ies,
693 found->proberesp_ies_allocated = true;
694 found->pub.proberesp_ies = ies;
695 found->pub.len_proberesp_ies = ielen;
699 /* Override possible earlier Beacon frame IEs */
700 found->pub.information_elements =
701 found->pub.proberesp_ies;
702 found->pub.len_information_elements =
703 found->pub.len_proberesp_ies;
705 if (res->pub.beacon_ies) {
706 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
707 size_t ielen = res->pub.len_beacon_ies;
708 bool information_elements_is_beacon_ies =
709 (found->pub.information_elements ==
710 found->pub.beacon_ies);
712 if (found->pub.beacon_ies &&
713 !found->beacon_ies_allocated &&
714 ksize(found) >= used + ielen) {
715 memcpy(found->pub.beacon_ies,
716 res->pub.beacon_ies, ielen);
717 found->pub.len_beacon_ies = ielen;
719 u8 *ies = found->pub.beacon_ies;
721 if (found->beacon_ies_allocated)
722 ies = krealloc(ies, ielen, GFP_ATOMIC);
724 ies = kmalloc(ielen, GFP_ATOMIC);
727 memcpy(ies, res->pub.beacon_ies,
729 found->beacon_ies_allocated = true;
730 found->pub.beacon_ies = ies;
731 found->pub.len_beacon_ies = ielen;
735 /* Override IEs if they were from a beacon before */
736 if (information_elements_is_beacon_ies) {
737 found->pub.information_elements =
738 found->pub.beacon_ies;
739 found->pub.len_information_elements =
740 found->pub.len_beacon_ies;
744 kref_put(&res->ref, bss_release);
746 struct cfg80211_internal_bss *hidden;
748 /* First check if the beacon is a probe response from
749 * a hidden bss. If so, copy beacon ies (with nullified
750 * ssid) into the probe response bss entry (with real ssid).
751 * It is required basically for PSM implementation
752 * (probe responses do not contain tim ie) */
754 /* TODO: The code is not trying to update existing probe
755 * response bss entries when beacon ies are
756 * getting changed. */
757 hidden = rb_find_hidden_bss(dev, res);
759 copy_hidden_ies(res, hidden);
761 /* this "consumes" the reference */
762 list_add_tail(&res->list, &dev->bss_list);
763 rb_insert_bss(dev, res);
767 dev->bss_generation++;
768 spin_unlock_bh(&dev->bss_lock);
770 kref_get(&found->ref);
774 static struct ieee80211_channel *
775 cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen,
776 struct ieee80211_channel *channel)
780 int channel_number = -1;
782 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen);
783 if (tmp && tmp[1] == 1) {
784 channel_number = tmp[2];
786 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen);
787 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) {
788 struct ieee80211_ht_operation *htop = (void *)(tmp + 2);
790 channel_number = htop->primary_chan;
794 if (channel_number < 0)
797 freq = ieee80211_channel_to_frequency(channel_number, channel->band);
798 channel = ieee80211_get_channel(wiphy, freq);
801 if (channel->flags & IEEE80211_CHAN_DISABLED)
807 cfg80211_inform_bss(struct wiphy *wiphy,
808 struct ieee80211_channel *channel,
809 const u8 *bssid, u64 tsf, u16 capability,
810 u16 beacon_interval, const u8 *ie, size_t ielen,
811 s32 signal, gfp_t gfp)
813 struct cfg80211_internal_bss *res;
819 privsz = wiphy->bss_priv_size;
821 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
822 (signal < 0 || signal > 100)))
825 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, channel);
829 res = kzalloc(sizeof(*res) + privsz + ielen, gfp);
833 memcpy(res->pub.bssid, bssid, ETH_ALEN);
834 res->pub.channel = channel;
835 res->pub.signal = signal;
837 res->pub.beacon_interval = beacon_interval;
838 res->pub.capability = capability;
840 * Since we do not know here whether the IEs are from a Beacon or Probe
841 * Response frame, we need to pick one of the options and only use it
842 * with the driver that does not provide the full Beacon/Probe Response
843 * frame. Use Beacon frame pointer to avoid indicating that this should
844 * override the information_elements pointer should we have received an
845 * earlier indication of Probe Response data.
847 * The initial buffer for the IEs is allocated with the BSS entry and
848 * is located after the private area.
850 res->pub.beacon_ies = (u8 *)res + sizeof(*res) + privsz;
851 memcpy(res->pub.beacon_ies, ie, ielen);
852 res->pub.len_beacon_ies = ielen;
853 res->pub.information_elements = res->pub.beacon_ies;
854 res->pub.len_information_elements = res->pub.len_beacon_ies;
856 kref_init(&res->ref);
858 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
862 if (res->pub.capability & WLAN_CAPABILITY_ESS)
863 regulatory_hint_found_beacon(wiphy, channel, gfp);
865 trace_cfg80211_return_bss(&res->pub);
866 /* cfg80211_bss_update gives us a referenced result */
869 EXPORT_SYMBOL(cfg80211_inform_bss);
871 struct cfg80211_bss *
872 cfg80211_inform_bss_frame(struct wiphy *wiphy,
873 struct ieee80211_channel *channel,
874 struct ieee80211_mgmt *mgmt, size_t len,
875 s32 signal, gfp_t gfp)
877 struct cfg80211_internal_bss *res;
878 size_t ielen = len - offsetof(struct ieee80211_mgmt,
879 u.probe_resp.variable);
882 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) !=
883 offsetof(struct ieee80211_mgmt, u.beacon.variable));
885 trace_cfg80211_inform_bss_frame(wiphy, channel, mgmt, len, signal);
893 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
894 (signal < 0 || signal > 100)))
897 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
900 privsz = wiphy->bss_priv_size;
902 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable,
907 res = kzalloc(sizeof(*res) + privsz + ielen, gfp);
911 memcpy(res->pub.bssid, mgmt->bssid, ETH_ALEN);
912 res->pub.channel = channel;
913 res->pub.signal = signal;
914 res->pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
915 res->pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
916 res->pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
918 * The initial buffer for the IEs is allocated with the BSS entry and
919 * is located after the private area.
921 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
922 res->pub.proberesp_ies = (u8 *) res + sizeof(*res) + privsz;
923 memcpy(res->pub.proberesp_ies, mgmt->u.probe_resp.variable,
925 res->pub.len_proberesp_ies = ielen;
926 res->pub.information_elements = res->pub.proberesp_ies;
927 res->pub.len_information_elements = res->pub.len_proberesp_ies;
929 res->pub.beacon_ies = (u8 *) res + sizeof(*res) + privsz;
930 memcpy(res->pub.beacon_ies, mgmt->u.beacon.variable, ielen);
931 res->pub.len_beacon_ies = ielen;
932 res->pub.information_elements = res->pub.beacon_ies;
933 res->pub.len_information_elements = res->pub.len_beacon_ies;
936 kref_init(&res->ref);
938 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
942 if (res->pub.capability & WLAN_CAPABILITY_ESS)
943 regulatory_hint_found_beacon(wiphy, channel, gfp);
945 trace_cfg80211_return_bss(&res->pub);
946 /* cfg80211_bss_update gives us a referenced result */
949 EXPORT_SYMBOL(cfg80211_inform_bss_frame);
951 void cfg80211_ref_bss(struct cfg80211_bss *pub)
953 struct cfg80211_internal_bss *bss;
958 bss = container_of(pub, struct cfg80211_internal_bss, pub);
961 EXPORT_SYMBOL(cfg80211_ref_bss);
963 void cfg80211_put_bss(struct cfg80211_bss *pub)
965 struct cfg80211_internal_bss *bss;
970 bss = container_of(pub, struct cfg80211_internal_bss, pub);
971 kref_put(&bss->ref, bss_release);
973 EXPORT_SYMBOL(cfg80211_put_bss);
975 void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
977 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
978 struct cfg80211_internal_bss *bss;
983 bss = container_of(pub, struct cfg80211_internal_bss, pub);
985 spin_lock_bh(&dev->bss_lock);
986 if (!list_empty(&bss->list)) {
987 __cfg80211_unlink_bss(dev, bss);
988 dev->bss_generation++;
990 spin_unlock_bh(&dev->bss_lock);
992 EXPORT_SYMBOL(cfg80211_unlink_bss);
994 #ifdef CONFIG_CFG80211_WEXT
995 int cfg80211_wext_siwscan(struct net_device *dev,
996 struct iw_request_info *info,
997 union iwreq_data *wrqu, char *extra)
999 struct cfg80211_registered_device *rdev;
1000 struct wiphy *wiphy;
1001 struct iw_scan_req *wreq = NULL;
1002 struct cfg80211_scan_request *creq = NULL;
1003 int i, err, n_channels = 0;
1004 enum ieee80211_band band;
1006 if (!netif_running(dev))
1009 if (wrqu->data.length == sizeof(struct iw_scan_req))
1010 wreq = (struct iw_scan_req *)extra;
1012 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1015 return PTR_ERR(rdev);
1017 if (rdev->scan_req) {
1022 wiphy = &rdev->wiphy;
1024 /* Determine number of channels, needed to allocate creq */
1025 if (wreq && wreq->num_channels)
1026 n_channels = wreq->num_channels;
1028 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
1029 if (wiphy->bands[band])
1030 n_channels += wiphy->bands[band]->n_channels;
1033 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1034 n_channels * sizeof(void *),
1041 creq->wiphy = wiphy;
1042 creq->wdev = dev->ieee80211_ptr;
1043 /* SSIDs come after channels */
1044 creq->ssids = (void *)&creq->channels[n_channels];
1045 creq->n_channels = n_channels;
1047 creq->scan_start = jiffies;
1049 /* translate "Scan on frequencies" request */
1051 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1054 if (!wiphy->bands[band])
1057 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1058 /* ignore disabled channels */
1059 if (wiphy->bands[band]->channels[j].flags &
1060 IEEE80211_CHAN_DISABLED)
1063 /* If we have a wireless request structure and the
1064 * wireless request specifies frequencies, then search
1065 * for the matching hardware channel.
1067 if (wreq && wreq->num_channels) {
1069 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq;
1070 for (k = 0; k < wreq->num_channels; k++) {
1071 int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]);
1072 if (wext_freq == wiphy_freq)
1073 goto wext_freq_found;
1075 goto wext_freq_not_found;
1079 creq->channels[i] = &wiphy->bands[band]->channels[j];
1081 wext_freq_not_found: ;
1084 /* No channels found? */
1090 /* Set real number of channels specified in creq->channels[] */
1091 creq->n_channels = i;
1093 /* translate "Scan for SSID" request */
1095 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1096 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
1100 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
1101 creq->ssids[0].ssid_len = wreq->essid_len;
1103 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE)
1107 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1108 if (wiphy->bands[i])
1109 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
1111 rdev->scan_req = creq;
1112 err = rdev_scan(rdev, creq);
1114 rdev->scan_req = NULL;
1115 /* creq will be freed below */
1117 nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
1118 /* creq now owned by driver */
1124 cfg80211_unlock_rdev(rdev);
1127 EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan);
1129 static void ieee80211_scan_add_ies(struct iw_request_info *info,
1130 struct cfg80211_bss *bss,
1131 char **current_ev, char *end_buf)
1133 u8 *pos, *end, *next;
1134 struct iw_event iwe;
1136 if (!bss->information_elements ||
1137 !bss->len_information_elements)
1141 * If needed, fragment the IEs buffer (at IE boundaries) into short
1142 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages.
1144 pos = bss->information_elements;
1145 end = pos + bss->len_information_elements;
1147 while (end - pos > IW_GENERIC_IE_MAX) {
1148 next = pos + 2 + pos[1];
1149 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX)
1150 next = next + 2 + next[1];
1152 memset(&iwe, 0, sizeof(iwe));
1153 iwe.cmd = IWEVGENIE;
1154 iwe.u.data.length = next - pos;
1155 *current_ev = iwe_stream_add_point(info, *current_ev,
1156 end_buf, &iwe, pos);
1162 memset(&iwe, 0, sizeof(iwe));
1163 iwe.cmd = IWEVGENIE;
1164 iwe.u.data.length = end - pos;
1165 *current_ev = iwe_stream_add_point(info, *current_ev,
1166 end_buf, &iwe, pos);
1170 static inline unsigned int elapsed_jiffies_msecs(unsigned long start)
1172 unsigned long end = jiffies;
1175 return jiffies_to_msecs(end - start);
1177 return jiffies_to_msecs(end + (MAX_JIFFY_OFFSET - start) + 1);
1181 ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
1182 struct cfg80211_internal_bss *bss, char *current_ev,
1185 struct iw_event iwe;
1187 u8 *ie = bss->pub.information_elements;
1188 int rem = bss->pub.len_information_elements, i, sig;
1189 bool ismesh = false;
1191 memset(&iwe, 0, sizeof(iwe));
1192 iwe.cmd = SIOCGIWAP;
1193 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1194 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN);
1195 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1198 memset(&iwe, 0, sizeof(iwe));
1199 iwe.cmd = SIOCGIWFREQ;
1200 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq);
1202 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1205 memset(&iwe, 0, sizeof(iwe));
1206 iwe.cmd = SIOCGIWFREQ;
1207 iwe.u.freq.m = bss->pub.channel->center_freq;
1209 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
1212 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) {
1213 memset(&iwe, 0, sizeof(iwe));
1215 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED |
1216 IW_QUAL_NOISE_INVALID |
1217 IW_QUAL_QUAL_UPDATED;
1218 switch (wiphy->signal_type) {
1219 case CFG80211_SIGNAL_TYPE_MBM:
1220 sig = bss->pub.signal / 100;
1221 iwe.u.qual.level = sig;
1222 iwe.u.qual.updated |= IW_QUAL_DBM;
1223 if (sig < -110) /* rather bad */
1225 else if (sig > -40) /* perfect */
1227 /* will give a range of 0 .. 70 */
1228 iwe.u.qual.qual = sig + 110;
1230 case CFG80211_SIGNAL_TYPE_UNSPEC:
1231 iwe.u.qual.level = bss->pub.signal;
1232 /* will give range 0 .. 100 */
1233 iwe.u.qual.qual = bss->pub.signal;
1239 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1240 &iwe, IW_EV_QUAL_LEN);
1243 memset(&iwe, 0, sizeof(iwe));
1244 iwe.cmd = SIOCGIWENCODE;
1245 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY)
1246 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1248 iwe.u.data.flags = IW_ENCODE_DISABLED;
1249 iwe.u.data.length = 0;
1250 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1255 if (ie[1] > rem - 2)
1260 memset(&iwe, 0, sizeof(iwe));
1261 iwe.cmd = SIOCGIWESSID;
1262 iwe.u.data.length = ie[1];
1263 iwe.u.data.flags = 1;
1264 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1267 case WLAN_EID_MESH_ID:
1268 memset(&iwe, 0, sizeof(iwe));
1269 iwe.cmd = SIOCGIWESSID;
1270 iwe.u.data.length = ie[1];
1271 iwe.u.data.flags = 1;
1272 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1275 case WLAN_EID_MESH_CONFIG:
1277 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
1279 buf = kmalloc(50, GFP_ATOMIC);
1283 memset(&iwe, 0, sizeof(iwe));
1284 iwe.cmd = IWEVCUSTOM;
1285 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
1287 iwe.u.data.length = strlen(buf);
1288 current_ev = iwe_stream_add_point(info, current_ev,
1291 sprintf(buf, "Path Selection Metric ID: 0x%02X",
1293 iwe.u.data.length = strlen(buf);
1294 current_ev = iwe_stream_add_point(info, current_ev,
1297 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
1299 iwe.u.data.length = strlen(buf);
1300 current_ev = iwe_stream_add_point(info, current_ev,
1303 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
1304 iwe.u.data.length = strlen(buf);
1305 current_ev = iwe_stream_add_point(info, current_ev,
1308 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
1309 iwe.u.data.length = strlen(buf);
1310 current_ev = iwe_stream_add_point(info, current_ev,
1313 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
1314 iwe.u.data.length = strlen(buf);
1315 current_ev = iwe_stream_add_point(info, current_ev,
1318 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
1319 iwe.u.data.length = strlen(buf);
1320 current_ev = iwe_stream_add_point(info, current_ev,
1325 case WLAN_EID_SUPP_RATES:
1326 case WLAN_EID_EXT_SUPP_RATES:
1327 /* display all supported rates in readable format */
1328 p = current_ev + iwe_stream_lcp_len(info);
1330 memset(&iwe, 0, sizeof(iwe));
1331 iwe.cmd = SIOCGIWRATE;
1332 /* Those two flags are ignored... */
1333 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
1335 for (i = 0; i < ie[1]; i++) {
1336 iwe.u.bitrate.value =
1337 ((ie[i + 2] & 0x7f) * 500000);
1338 p = iwe_stream_add_value(info, current_ev, p,
1339 end_buf, &iwe, IW_EV_PARAM_LEN);
1348 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
1350 memset(&iwe, 0, sizeof(iwe));
1351 iwe.cmd = SIOCGIWMODE;
1353 iwe.u.mode = IW_MODE_MESH;
1354 else if (bss->pub.capability & WLAN_CAPABILITY_ESS)
1355 iwe.u.mode = IW_MODE_MASTER;
1357 iwe.u.mode = IW_MODE_ADHOC;
1358 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
1359 &iwe, IW_EV_UINT_LEN);
1362 buf = kmalloc(30, GFP_ATOMIC);
1364 memset(&iwe, 0, sizeof(iwe));
1365 iwe.cmd = IWEVCUSTOM;
1366 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->pub.tsf));
1367 iwe.u.data.length = strlen(buf);
1368 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
1370 memset(&iwe, 0, sizeof(iwe));
1371 iwe.cmd = IWEVCUSTOM;
1372 sprintf(buf, " Last beacon: %ums ago",
1373 elapsed_jiffies_msecs(bss->ts));
1374 iwe.u.data.length = strlen(buf);
1375 current_ev = iwe_stream_add_point(info, current_ev,
1376 end_buf, &iwe, buf);
1380 ieee80211_scan_add_ies(info, &bss->pub, ¤t_ev, end_buf);
1386 static int ieee80211_scan_results(struct cfg80211_registered_device *dev,
1387 struct iw_request_info *info,
1388 char *buf, size_t len)
1390 char *current_ev = buf;
1391 char *end_buf = buf + len;
1392 struct cfg80211_internal_bss *bss;
1394 spin_lock_bh(&dev->bss_lock);
1395 cfg80211_bss_expire(dev);
1397 list_for_each_entry(bss, &dev->bss_list, list) {
1398 if (buf + len - current_ev <= IW_EV_ADDR_LEN) {
1399 spin_unlock_bh(&dev->bss_lock);
1402 current_ev = ieee80211_bss(&dev->wiphy, info, bss,
1403 current_ev, end_buf);
1405 spin_unlock_bh(&dev->bss_lock);
1406 return current_ev - buf;
1410 int cfg80211_wext_giwscan(struct net_device *dev,
1411 struct iw_request_info *info,
1412 struct iw_point *data, char *extra)
1414 struct cfg80211_registered_device *rdev;
1417 if (!netif_running(dev))
1420 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex);
1423 return PTR_ERR(rdev);
1425 if (rdev->scan_req) {
1430 res = ieee80211_scan_results(rdev, info, extra, data->length);
1438 cfg80211_unlock_rdev(rdev);
1441 EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan);
projects / karo-tx-linux.git / blob